troubleshooting Question

Rogue RDP Connections

Avatar of yohayon
yohayon asked on
Windows Server 2012Network SecuritySecurityNetwork ArchitectureWindows Networking
5 Comments2 Solutions318 ViewsLast Modified:
Since I noticed my ethernet connection performance as being saturated on my Windows 2012 R2 server,  I ran the netstat command & noticed alot of ip addresses having established connections to 3389. When looking further, I see that these ip addresses are from many different countries like korea, china, russia, turkey... What can I do to prevent these rogue connections? Are they authenticating to my server? Could there be an app on the server thats allowing this?
See only one example below:
  C:\Windows\system32>netstat -na | find "3389"
  TCP               LISTENING
Join our community to see this answer!
Unlock 2 Answers and 5 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 2 Answers and 5 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros